Skip to content

Feeds

Subscribe to one feed, track every tool under it. Feeds are grouped by audience so you can stack what matters and ignore the rest.

Breaking releases

Past 7 days

Security insights
No immediate action
Aura v1.4.8 Breaking risk

Safer local dependency setup

Open
No immediate action
infisical v0.160.11 Breaking risk

UI, PAM, Vault, Gateway, Features

Open
No immediate action
microsandbox v0.5.5 Breaking risk

Sandbox, metrics, SSH, Go SDK, install

Open
Review required
Tuwunel v1.7.1 Breaking risk
Auth RBAC Dependencies

Federation fetcher, OIDC device grant, MSCs, PGP contact

Open
Review required
jelu v0.84.1 Breaking risk
Auth Dependencies

Login + import + menu deprecation + auth fixes

Open
sayanarijit/cottage v0.6.0 Breaking risk
Breaking changes
  • Added `ctg keygen` CLI command which is marked as breaking
Review required
spupuz/VibeNVR v1.29.7 Breaking risk
Auth Dependencies

Recording restarts + RTSP timeout + password masking

Open
Config change
weaviate v1.38.0 Breaking risk
Auth RBAC

HFresh, Namespaces, Nested filtering, Reindex, MCP, Replication, Boost

Open
Config change
Oikos v0.63.0 Breaking risk
Auth

Login block + hourly rates

Open
Upgrade now
fastmcp v3.4.1 Breaking risk
Dependencies

Starlette floor + OAuthProxy logging

Open
Config change
bytebase 3.19.0 Breaking risk
Auth

JIT data export + GitOps user tracking

Open
Review required
Superset desktop-v1.12.3 Breaking risk
Dependencies Auth

Desktop bump + GAds tracking – terminal removal

Open
No immediate action
datasets 5.0.0 Breaking risk

Agent traces + shuffling + new formats

Open
No immediate action
GDD v1.7.1 Breaking risk

Archive names + ZIP + iPhone fix

Open
Upgrade now
twenty v2.9.0 Breaking risk
Dependencies

i18n, website, partners, settings, files

Open
Config change
Oikos v0.62.0 Breaking risk
Auth

Multi‑Google calendar sync

Open
Upgrade now
rspamd 4.1.0 Breaking risk
Auth RCE / SSRF Dependencies

mx_check incompatible + checkv3 metadata

Open
Review required
multica v0.3.17 Breaking risk
Auth RBAC

CLI, Lark, Scheduler, Daemon, Docs

Open
No immediate action
Rackula v26.6.1 Breaking risk

LXC install fixes

Open
No immediate action
vllm v0.22.1 Breaking risk

Mellum v2 + AMD Zen inference + Ray hang fix

Open
No immediate action
weaviate v1.35.23 Breaking risk

Docker login fixes + rate limiter

Open
No immediate action
SwanLab v0.8.0 Breaking risk

Delete APIs, API keys, diagnostics, core refactor

Open
No immediate action
ypollak2/llm-router v10.1.2 Breaking risk

Dashboard persistence + enforce‑route recovery + coordination guard

Open
Review required
bewcloud v4.6.0 Breaking risk
Dependencies Breaking upgrade

Breaking changes — review before upgrading.

Open
No immediate action
WeKnora v0.6.1 Breaking risk

repo perf, Swagger fix, UI improvements, OpenSearch driver, admin console

Open
Upgrade now
InsForge v2.2.0 Breaking risk
Dependencies

Docs, Sites rename, DB fixes, Windows build, npm CVEs, Codex/oauth

Open
No immediate action
fireshare v1.6.15 Breaking risk

Blank image card fix

Open
No immediate action
Semble v0.3.3 Breaking risk

clear command + path block + function exposure

Open
Upgrade now
speakr v0.8.21-alpha Breaking risk
Auth

CSRF fix + SSO takeover

Open
agent-framework python-1.8.0 Breaking risk
⚠ Upgrade required
  • **Deprecation warning:** `github-copilot-sdk` version <1.0.0 will be unsupported in future releases.
  • When upgrading, migrate code using the previous synchronous Skill API to the new async resource lookup pattern.
Breaking changes
  • Upgrade github‑copilot‑sdk to version 1.0.0 (stable) – requires migration.
  • [BREAKING — experimental] Refactor Skill API to async resource and script lookup.
Notable features
  • agent-framework-core: Add MCP-based skills discovery (`McpSkillsSource`).
  • agent-framework-core: Progressive tool exposure via `FunctionInvocationContext`.
  • agent-framework-core: Add background agent support to harness agent.
No immediate action
Logsonic v1.2.5 Breaking risk

MCP removal + index reduction

Open
Upgrade now
FOSSBilling 0.8.2 Breaking risk
Auth Breaking upgrade

Security hardening + enhancements + bug fixes

Open
adk-python v2.2.0 Breaking risk
⚠ Upgrade required
  • `DEFAULT_LIVE_MODEL` remains unchanged; explicitly set `model="gemini-2.5-flash"` to keep previous LlmAgent behavior.
  • Update any direct callers of renamed helpers in `interactions_utils.py` (e.g., use `convert_contents_to_steps`).
Breaking changes
  • **agents:** Default model for `LlmAgent` changed from `gemini-2.5-flash` to `gemini-3-flash-preview`; agents without explicit `model=` now use the preview default. Set `model="gemini-2.5-flash"` to retain prior behavior.
  • **interactions:** Turn‑based helpers in `interactions_utils.py` renamed (e.g., `convert_contents_to_turns` → `convert_contents_to_steps`) and terminology switched from "turns" to "steps".
Security fixes
  • CVE-2026-48710
Notable features
  • Add `--trigger_sources` and ADK service options to `cli_deploy_agent_engine`
  • AutoTracingPlugin for OpenTelemetry auto‑instrumentation
  • RubricBasedMultiTurnTrajectoryEvaluator

Beta — feedback welcome: [email protected]